As American shoppers gear up for the biggest shopping weekend of the year – the perfect storm of Thanksgiving Day, Black Friday and Cyber Monday – more and more of them are preparing to do their purchasing online from the comfort of their homes.
To gain a better understanding of the potential threats posed by the hundreds of thousands of websites that use e-commerce plugins, the Checkmarx research lab used CxSAST, Checkmarx’s static code analysis solution, to run a WordPress security check of the most used WordPress e-commerce plugins in the weeks leading up to Cyber Monday.
WordPress Security Check: Plugins used by over 100,000 websites could be vulnerable
Our research focused specifically on scanning for high-level vulnerabilities. We scanned 12 WordPress e-commerce plugins during the research, which was conducted throughout the first half of November 2016.
Download our free research report below to learn:
- How many out of the top 12 WordPress e-commerce plugins contain vulnerabilities
- Which vulnerabilities were found during our research and the impact they can have on business
- What organizations using plugins can do to ensure their sites remain secure
- Tips for online shoppers to stay safe while shopping on Cyber Monday
What are the latest and greatest WP vulnerabilities?
The most notable WordPress vulnerability that came to light in 2016 was in the Revolution Image Slider WordPress plugin: an unpatched version of it is suspected of having played a role in the release of over 11.5 million documents and 2.6TB of data in the notorious Panama Papers leak affecting Mossack-Fonseca in April 2016.
In June 2016, attackers exploited an unpatched vulnerability in the WP Mobile Detector plugin, installed on over 10,000 websites, which allowed them to remotely upload arbitrary files to the web server. Many vulnerable sites were infected with porn spam doorways.
WP Security: Tips for Businesses Working with WordPress Plugins
When it comes to WordPress security, plugins should be a major concern. Businesses using WordPress e-commerce plugins should take certain steps to avoid introducing risks into their websites.
Regardless of the size of your business, it’s critical to download plugins only from trusted sources. In this case, WordPress.org should be the only place where you download plugins, because the ease with which WordPress plugins can be developed makes nefarious plugins a favorite for hackers.
Since WordPress plugins are open source, it’s possible to scan their source code with a static source code analysis solution in order to ensure that it is vulnerability-free. It’s also important to keep all plugins up to date and to stay on top of any WordPress vulnerabilities through the WordPress Vulnerability Database.